diff --git a/krb5-1.13.2.tar.sig b/krb5-1.13.2.tar.sig new file mode 100644 index 0000000..d16e5d8 --- /dev/null +++ b/krb5-1.13.2.tar.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQGcBAABAgAGBQJVTUldAAoJEKMvF/0AVcMF9IoMAIEawAFZ1pRw91oRN6c3eAxy +RYBuJWsEa73JtqKCRtz7LA3qgacnJ8FGTpXaGHB3zErO55+Bclo1KZsUoNDtT27O +bxjsptPBjp15zTZhavlIpAjANFmo6QpghUHpLNcLxH8pXgmQDztHnPaenStxF8Bv +P2oFKh31uY3gYzOKnYi/r14XKSTNpFiDiGty53KY61efAO4H7xRFMhBgN2Vv1pBm +FvekjCWRypN7ai2z+94cuVNIlu8eipDnU4oBb865fRKlflxCdpBmHLr1K5AgwSEb +OAvDUPAEV9GwBP94M0yAoPwGf5ZHPvdORXbHfX00lzX2SgV+9DH4BqJOnytOeuaT +PA1Z+7izF+Xja4iHMcYlyJ7a/sGWachlZrw2ifELlYUf4vtcPY5e6gH0hSMUoA7t +Ww18ryv5fPHT1l+/o2P03hzZSFllOXjVsComsfw6Ws7qzbFuigpiVYdBg1XKMi9L +kjA7j43FTHvVKjtrEubiW+YHxowQHu5DIeQWVqsBJg== +=KdUH +-----END PGP SIGNATURE----- diff --git a/krb5-mini.changes b/krb5-mini.changes index 586d321..ad77a25 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -33,6 +33,11 @@ This is a bug fix release. * Improve documentation. +------------------------------------------------------------------- +Thu Apr 23 14:13:03 UTC 2015 - hguo@suse.com + +- Use externally built libverto + ------------------------------------------------------------------- Wed Feb 18 11:48:46 UTC 2015 - michael@stroeder.com @@ -49,8 +54,9 @@ This is a bug fix release. * Fix multiple kadmind vulnerabilities, some of which are based in the gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423] + ------------------------------------------------------------------- -Tue Jan 6 07:20:54 UTC 2015 - mlin@suse.com +Tue Jan 6 07:12:29 UTC 2015 - mlin@suse.com - Update to krb5 1.13 * Add support for accessing KDCs via an HTTPS proxy server using the @@ -65,12 +71,12 @@ Tue Jan 6 07:20:54 UTC 2015 - mlin@suse.com * The KDC listens for TCP connections by default. * Fix a minor key disclosure vulnerability where using the "keepold" option to the kadmin randkey operation could return the old keys. [CVE-2014-5351] - * Add client support for the Kerberos Cache Manager protocol. If the host + * Add client support for the Kerberos Cache Manager protocol. If the host is running a Heimdal kcm daemon, caches served by the daemon can be accessed with the KCM: cache type. * When built on OS X 10.7 and higher, use "KCM:" as the default cache type, unless overridden by command-line options or krb5-config values. - * Add support for doing unlocked database dumps for the DB2 KDC back end, + * Add support for doing unlocked database dumps for the DB2 KDC back end, which would allow the KDC and kadmind to continue accessing the database during lengthy database dumps. - Removed patches, useless or upstreamed @@ -83,9 +89,21 @@ Tue Jan 6 07:20:54 UTC 2015 - mlin@suse.com - Refreshed patches * krb5-1.12-pam.patch * krb5-1.12-selinux-label.patch - * krb5-1.7-doublelog.patch + * krb5-1.7-doublelog.patch ------------------------------------------------------------------- +Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com + +- Work around replay cache creation race; (bnc#898439). + krb5-1.13-work-around-replay-cache-creation-race.patch + +------------------------------------------------------------------- +Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com + +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- added patches: + * bnc#897874-CVE-2014-5351.diff +------------------------------------------------------------------- Sat Aug 30 22:29:28 UTC 2014 - andreas.stieger@gmx.de - krb5 5.12.2: diff --git a/krb5-mini.spec b/krb5-mini.spec index 1f13afd..a422281 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -39,6 +39,7 @@ Obsoletes: krb5-plugin-preauth-pkinit-nss %if ! 0%{?build_mini} BuildRequires: doxygen BuildRequires: libopenssl-devel +BuildRequires: libverto-devel BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: python-Cheetah @@ -65,6 +66,9 @@ Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp %endif Source: krb5-%{version}.tar.gz +# URL is actually http://web.mit.edu/kerberos/krb5-1.13/krb5-%version.sig +# but it is the signature of the tarball +Source42: krb5-%version.tar.sig Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc @@ -105,6 +109,8 @@ client programs, like kinit, kadmin, ... Summary: MIT Kerberos5 implementation - server Group: Productivity/Networking/Security Requires: cron +Requires: libverto +Requires: libverto-libev Requires: logrotate Requires: perl-Date-Calc %{?systemd_requires} @@ -163,6 +169,7 @@ Group: Development/Libraries/C and C++ PreReq: %{name} = %{version} Requires: keyutils-devel Requires: libcom_err-devel +Requires: libverto-devel # bug437293 %ifarch ppc64 Obsoletes: krb5-devel-64bit @@ -231,7 +238,8 @@ DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME %endif --with-selinux \ --with-system-et \ - --with-system-ss + --with-system-ss \ + --with-system-verto %{__make} %{?_smp_mflags} %if ! 0%{?build_mini} cd doc @@ -451,7 +459,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so %{_libdir}/libkdb5.so %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so -%{_libdir}/libverto.so %{_libdir}/libkrad.so %{_libdir}/pkgconfig/gssrpc.pc %{_libdir}/pkgconfig/kadm-client.pc @@ -511,7 +518,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so %{_libdir}/libkdb5.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* -%{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %{_libdir}/krb5/plugins/kdb/* %{_libdir}/krb5/plugins/tls/* @@ -585,7 +591,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so %{_libdir}/libkdb5.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* -%{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %files server diff --git a/krb5.spec b/krb5.spec index dc2156c..b6c2248 100644 --- a/krb5.spec +++ b/krb5.spec @@ -66,6 +66,9 @@ Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp %endif Source: krb5-%{version}.tar.gz +# URL is actually http://web.mit.edu/kerberos/krb5-1.13/krb5-%version.sig +# but it is the signature of the tarball +Source42: krb5-%version.tar.sig Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc